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iPad mini with 
Retina Display 


The Rise of the 
Windows Mini-Tablet 

I f one were to chart the rise of the mobile computing devices that have 
replaced full-sized portable computers and compare those milestones 
to Microsoft’s ability to shift with the changing times, two facts would 
become immediately obvious. One, the mainstream computing public is 
rallying around smaller devices. And two, although Microsoft has been 
late in the game at every possible stage, its resulting solution is often 
best-of-breed. So how do the new Windows mini-tablets stack up? 

Mini-tablets are those tablets with screens in the 7- to 8-inch range. 
(As opposed to “full-sized” tablets, which typically offer 9- to 11-inch 
screens.) The boom in tablet sales over the past two years has really 
been a boom in mini-tablet sales, which, contrary to then-Apple CEO 
Steve Jobs’ 2010 assertion, were most decidedly not “dead on arrival.” 
Devices such as the Amazon Kindle Fire and the Google Nexus 7 
proved immediately popular, in fact, leading Apple to backtrack and 
release an iPad mini as the entire tablet market coalesced around 
these mini devices. 
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Of course, that all happened between 2010 and 2012. By 2013, mini¬ 
tablets were long the volume leaders in tablet sales, but Microsoft was 
just getting into the tablet business with full-sized Surface devices and 
various full-sized tablets and hybrid PCs made by its partners. Micro¬ 
soft didn’t have a mini-tablet platform in place until mid-2013, when 
it began allowing its PC maker partners to start shipping such devices. 

A Pattern of Slowness 

This slow pattern, which you’re right to find a bit alarming, follows 
a general Microsoft slowness that greeted each recent trend in mobile 
computing. Microsoft didn’t see netbooks coming—the devices launched 
initially with Linux, giving the open-source community a last gasp at 
desktop computing relevance—at a time when the firm was selling 
the bloated Vista. 

But when it comes to mobile computing, it is of course Apple that Micro¬ 
soft—and the rest of the industry—took a back seat to. Apple invented 
modern, touch-based smartphones, with the iPhone, and Microsoft’s 
Windows Phone response took three and a half years to arrive. Micro¬ 
soft also didn’t anticipate the Ultrabook, which Apple launched as the 
second-generation MacBook Air in 2010. (Intel announced the Ultrabook 
spec in 2011, but MacBook Airs have consistently outpaced Windows 
PC battery life since their inception, despite running on nearly identical 
hardware.) And Microsoft of course didn’t see the rise in what I now 
call full-sized tablets—what some analysts called “media tablets”—with 
the release of the iPad in early 2010. Windows 8, Surface, and the first 
new iPad-like Windows tablets arrived in late 2012. If there’s a positive 
to this pattern, it’s that Microsoft has often (but not always; Zune comes 
to mind) succeeded by being late to market in the past. 

Microsoft provided XP for netbooks until the thin and light Win¬ 
dows 7 was finally ready, casting Linux back to the fringe where 
it rightfully belongs. Windows Phone might have been late to mar¬ 
ket, but its innovative design has influenced both Android and iOS 
strongly—most obviously in the design copycat iOS 7—and sales have 
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risen steadily, quarter by quarter, with Windows Phone surpassing 
BlackBerry as the third mobile ecosystem in the world; it’s number 
two ahead of iPhone in some key markets, too. 

Apple’s MacBook Air continues to sell well, and the device is con¬ 
sistently a best-seller. But it hasn’t helped Apple achieve meaning¬ 
ful marketshare gains, even in the worst year in PC sales history: 
In the most recent quarter at press time, the Mac accounted for just 
5.7 percent of all PC sales. And Microsoft and its partners have estab¬ 
lished Ultrabooks as the PC computing standard, with touch capabili¬ 
ties going mainstream as we head into 2014. On the tablet front, of 
course, Windows 8.1 (and Windows RT 8.1) significantly improves 
the Windows story on tablets in general, and Microsoft’s contention 
that its Surface devices are the “most productive” tablets—because of 
Office, of course, but also because they are PCs—is solid. 

And then there are those pesky mini-tablets. 

Will 2013 Be the Year of the Windows Mini-Tablet? 

Microsoft altered its Windows licensing this year to accommodate 
smaller-screen devices. The company planned to ship a Surface mini— 
running on CHardware, no less, thus running Windows RT 8.1—in 
time for the holidays, but decided at the last minute to hold off until the 
first half of 2014. (The reasons for this are in flux, but are thought to be 
related to the merging of Windows RT and Windows Phone. In addi¬ 
tion, handset makers can now offer market-blurring Windows Phone- 
based “phablets” with screens of up to 6 inches in size.) 

Understanding that it was already behind and that Windows 8.1 was 
still months away at the time, Microsoft in mid-2013 allowed one PC 
maker, Acer, to ship a Windows mini-tablet ahead of the Windows 8.1 
launch. This device, the Acer Iconia W3, is lackluster for many rea¬ 
sons, and it launched with yesterday’s Windows 8 running on yester¬ 
day’s Intel Atom “Clover Trail” processor. But it was mostly inhibited 
by its terrible screen, which Acer plans to fix in an update dubbed the 
W4 that is shipping this fall. 
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The Acer Iconia W4 
seeks to fix some of 
the shortcomings of 
the W3 


But even in this initial, less-than-ideal form, the W3 made clear 
that a Windows mini-tablet could work. As I noted in my Acer Iconia 
W3 review from July, the device delivers excellent battery life, reason¬ 
able performance, and proof that a small screen can work with Win¬ 
dows—meaning, mostly the touch-first “Metro” environment, and 
not so much the desktop, although compatibility with desktop appli¬ 
cations will of course help some people make this transition more 
easily. It was sunk by its terrible screen and slightly thick and heavy 
form factor, but otherwise the W3 could have been a reasonable PC 
companion or travel device. 

Well, that and the Windows 8 ecosystem. One of the issues with 
such a device is that you must largely rely on the apps and services that 
are offered in Metro. And when you compare those with what’s avail¬ 
able on Android or iOS/iPad, Windows does of course come up short. 

The New Breed 

Heading into late 2013, a number of things have changed. Windows 8 
has been replaced by Windows 8.1, which offers numerous enhance¬ 
ments over its predecessor, but most especially—for mini-tablets—a 
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Lenovo Miix 2 


new formal support for the portrait mode orientation that will be both 
common and the default on such devices. Intel’s lowly “Clover Trail” 
processor has been replaced by a new Atom that’s so much more pow¬ 
erful that it should have been rebranded. The new Windows mini¬ 
tablets all run on the Atom “Bay Trail” processor. 

And yes, I wrote “tablets” there. By the end of the year, you’ll have 
several Windows mini-tablets to choose from, including the Acer Iconia 
W4, Dell Venue 8 Pro, Lenovo Miix 2, and Toshiba Encore. And each 
of these, nearly identical, provides further reassurance that a Windows 
mini-tablet doesn’t just make sense but can offer important benefits 
over the Android and iPad competition. 



Windows 8.1, for example, means that users can more easily transi¬ 
tion to this device because their existing Windows desktop applica¬ 
tions and hardware devices still work. Few people would be interested 
in running “big” desktop applications such as Photoshop or Visual 
Studio on such a device, of course, but the ability to at least run some¬ 
thing like iTunes, Windows Photo Gallery, or Google Chrome—none 
of which work on Windows RT—will mean the difference between 
“yes” and “no” for many users. 

Windows mini-tablets, like those based on Windows RT, come with 
a free copy of Microsoft Office Home & Student 2013, which is a 
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tremendous value. This suite includes Word, Excel, PowerPoint, and 
OneNote (but not Outlook, which is part of the RT version), and 
although the 8-inch screens on these devices are likewise not ideal 
for long hours of work, they’re at least available for those who need 
them. (Microsoft also offers excellent, and free, “Metro” versions of 
OneNote, Lync, SkyDrive Pro, and other apps.) 

Each of these devices offers similar hardware components, includ¬ 
ing an 8-inch screen running at a resolution of just 1280 x 800—the 
Google Nexus 7 offers a superior 1080p 
screen, whereas the Amazon Kindle Fire 
HDX goes even higher at 1920 x 1200. 

But the quality of these device’s screens 
is generally excellent, and available 
IPS technology goes a long way toward 
helping mask the relatively low reso¬ 
lution. Each device runs on a Bay 
Trail processor, as noted, with 2GB of 
RAM, which is solid for such devices. 

You’ll generally—but not always—find 
micro-SD expansion, micro-HDMI for 
video-out, USB-based charging, but 
not full-sized USB ports for connecting 
devices. 

Important for this type of device, most Windows mini-tablets deliver 
7 to 10 hours of real-world battery life. This is comparable with what 
we see in the competition, including the iPad mini with Retina Display, 
which reportedly achieves up to 10 hours of battery life. (This device 
doesn’t ship until late November.) They are generally very thin and 
very light, and they’re comparable to the competition. 

These devices are also real, albeit tiny, PCs. This means you can, 
if needed, attached a standard Bluetooth-based PC keyboard and 
get to work. (Assuming your eyes can handle it.) You can connect 
them to larger screens, although the limited USB expandability will 
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generally short-circuit attempts at turning any of the current devices 
into miniscule mobile workstations. 

Not Perfect 

Highly portable, familiar, and ostensibly productive, the new breed 
of Windows mini-tablets does, however, fall short in a few key areas. 
The first and most obvious is the Windows “Metro” ecosystem, which 
continues to lag behind the app and services offerings on Android 
and iPad by a wide margin. Compatibility with desktop applications, 
as noted, somewhat mitigates this, but only somewhat: Using the 
desktop on such a device is often painful. And even when the correct 
apps are present, they’re often less full-featured than their Android 
and iPad relations. The Kindle app from Amazon is a great example. 
The Metro version is decidedly lacking. 

Second, PC makers are missing a golden opportunity to take advan¬ 
tage of a decade’s worth of improvements to the tablet PC handwrit¬ 
ing and handwriting-recognition capabilities. Instead of shipping with 
support for an electromagnetic stylus, each of these devices supports 
only a lackluster capacitive stylus, which is no better than touch, and 
doesn’t offer any handwriting capabilities. Those who would love to 
use a mini-tablet as the ultimate mobile note-taker are out of luck. 

What's the Value Proposition Here? 

Although I haven’t tested most of these devices yet—I do have a Dell 
Venue 8 Pro in for long-term eval, and I hope to see the Lenovo Miix 2 
soon, in addition to the previous-generation Acer W3—it’s pretty clear 
that such a device has its place. Indeed, it’s not hard to imagine Win¬ 
dows mini-tablets taking off in their respective market, just as they did 
previously with Android and iPad. 

The key strength here, ultimately, is versatility. For many users, a 
mini-tablet represents an ideal compromise of size, weight, and por¬ 
tability. You can carry it with you easily and yet get real work done— 
email, web browsing, social networking, word processing, and other 
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content editing—when needed. Although some people will always 
need bigger and more powerful devices, the majority of users can 
likely get by just fine with something much smaller and lighter. 

It’s also notable, perhaps, that none of the initial Windows mini¬ 
tablets are using Windows RT. This suggests to me that the current 
generation of devices is transitionary, much like Microsoft using XP 
on early netbooks, because the Windows RT (purely “Metro”) eco¬ 
system simply isn’t ready yet. That could and should change by this 
time next year, thanks in part to the release of the Metro-based Office 
“Touch” next year. 

But that’s next year. If you’ve been waiting for a Windows mini¬ 
tablet, you suddenly have some very interesting choices. Whether the 
performance, portability, battery life gains, and desktop compatibility 
of these devices make up for the Metro ecosystem challenges is, of 
course, a matter of opinion. But this first real generation of mini¬ 
tablets is already an excellent step forward for the platform. ■ 
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Where-Object 
and the Pipeline 

Warming up to ForEach 

I n “PowerShell Cmdlets for DNS,” I promised I’d cover ForEach- 
Object, an essential PowerShell power tool. But that’s a big topic, 
so this month I want to warm up to ForEach by looking at the 
Powershell “pipeline.” I’ve touched on this in the past, but it needs 
a little more elaboration. A great way to see the power of the pipe¬ 
line is with a great tool named Where-Object. 

Where-Object, which has the aliases where and ? —yes, that’s just a 
question mark—is a general-purpose filter that you can use with just 
about any get-something cmdlet to pick out a subset of its output. For 
example, suppose you want to find all the disabled users in a domain 
named bigfirm.com. As I’ve explained before. Active Directory (AD) 
user objects have dozens of built-in properties, one of which is named 
Enabled and is of type Boolean (computer-speak for “can only have 
the values that PowerShell names $true or $false”). You’ve already 
seen that I can list all the disabled users—users for whom the value 
of their Enabled property is $false—with the command 

get-aduser -filter {Enabled -eq $false} 

It’s nice that get-aduser has a built-in filter tool, but not every get- 
something cmdlet has a -filter option. For example, when you run get- 
process, PowerShell will show you a Task Manager-like listing of the 
processes you’re running. But what if you want to see only processes 
with more than, say, 1,500 open handles? Recall from previous arti¬ 
cles that you can see a list of the properties provided by get-something 
by piping it into get-member (alias gm). Therefore, you could use 
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get-process | gm 

Try that, and you’ll see this line in the results: 

HandleCount Property int HandleCount {get;} 

So, the output of get-process has a property named HandleCount that 
reports the number of open handles for a given process. It lacks a -filter, 
though, so here’s the syntax for the most common use of Where: 

get-something | where {some expression that returns "true" or 
"false"} 

More specifically, you’re looking for something like 

get-process | where {HandleCount of the processes dropped into 
the pipeline > 1500} 

That’s the basic idea, although it’s not PowerShell syntax. First of all, 
the caret bracket (>) isn’t how PowerShell indicates greater than; 
it’s -gt. (The other numeric comparison operators are -ge, -It, -le, -eq, 
and -ne.) Second, PowerShell refers to the items in the pipeline as 
Picking that apart, recall from previous articles that variables —places 
in RAM where PowerShell stores temporary “scratch pad” sorts of 
data—all have names that start with $. PowerShell has a bunch of 
predefined variables. (You’ve already met $false and $true, and if 
I ran the zoo, there would be one named $pipeline, a variable that 
automatically contains whatever is in the pipeline.) For historical rea¬ 
sons, however, the PowerShell authorities decided to call the variable 
$_. (An underscore looks kind of like a pipe lying on the ground, see?) 
Getting closer to legal PowerShell syntax, then, you’re looking for 

get-process | where {(HandleCount of $_) -gt 1500} 
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In the past. I’ve referred to PowerShell as “object-oriented,” which 
means that whereas many older programs and shells can under¬ 
stand only simple bits of data (e.g., HandleCount, ProcessName, 
PagedMemorySize)—separate facts about a process, in this case—a 
newer object-oriented system such as PowerShell can understand 
more holistic, complex pieces of data called objects. In this case, get- 
process emits objects of a type called Process and they have prop¬ 
erties such as HandleCount, ProcessName, PagedMemorySize, and 
more; it’s a hierarchy of data in which the object is the highest 
level and its properties sit below it. (Those properties can be objects 
themselves, as you’ll see when you delve further into PowerShell.) 

So you want to refer not to the whole process object in the pipe¬ 
line—$—but instead to just the HandleCount property on it. In fairly 
standard “object talk,” you’d write that as $_.HandleCount (the object 
name, a period, then the property name). Now you can write your 
“one-liner”: 

get-process | where {$_.HandleCount -gt 1500} 

Here is the great power of Where and the built-in pipeline variable 
It lets you take a cmdlet that wasn’t built with a -filter parameter 
and add one after the fact, with no programming required. And here’s 
one more quick example. Suppose get-aduser lacked a working -filter 
parameter. If that were true, here’s how you’d get PowerShell to show 
you just the disabled user accounts: 

get-aduser -filter * | where {$_.Enabled -eq $false} 

Even if you never progress to caring about ForEach, you’ll find Where 
useful—I guarantee it. ■ 
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Top 10 New Features 
in vSphere 5.5 

VMware's evolutionary update 
builds upon vSphere 5.1 


A t VMworld 2013 in San Francisco, VMware announced the 
release of vSphere 5.5. As its 5.5 version number suggests, the 
new vSphere release is more of an evolutionary update than a 
revolutionary release. Many of the enhancements focus on extending 
scalability and catching up in those areas where Microsoft Windows 
Server 2012 Hyper-V has leap-frogged vSphere. Here are the top 10 
features in VMware vSphere 5.5. 

(?) Increased Maximum RAM and vCPUs per Host 

In his VMworld keynote address, VMware CEO Pat Gelsinger referred 
to vSphere 5.5 as the 2X release because VMware essentially doubles 
the scalability of vSphere. The maximum supported RAM per host 
has been increased from 2TB to 4TB. Likewise, the number of logi¬ 
cal CPUs supported per host has increased from 160 to 320. These 
improvements essentially put vSphere 5.5 back on par with Hyper-V. 
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(2) Increased Number of vCPUs per Host 

Another related scalability enhancement is the increased number of 
vCPUs supported per host; vSphere 5.5 supports up to 4,096 vCPUs 
per host, whereas the older version topped out at 2,048. 


(3) Increased NUMA Support 

For virtualized workloads, physical memory is probably the most 
important resource. Most new servers provide non-uniform memory 
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access (NUMA) support. NUMA is designed to improve performance 
by assigning memory on a per-processor basis. Each block of memory 
assigned to a processor is known as a NUMA node. A CPU can access 
the memory in its local NUMA node more quickly than it can access 
a non-local NUMA node. In vSphere 5.5, the support for NUMA nodes 
is increased from 8 to 16 nodes. 

(4) Support for CPU C-States 

In vSphere 5.1, VMware provided support for CPUs’ enhanced perfor¬ 
mance state (P-state), allowing processors to run at lower frequency 
and voltage settings during periods of low resource utilization, while 
increasing those settings during periods of high utilization. Now, 
vSphere 5.5 can use the deep processor power state (C-state) to min¬ 
imize the power consumed by idle CPUs during periods of inactivity. 

(H) Scalability Enhancements for the Free vSphere Hypervisor 

Another important change, especially for small-to-midsized busi¬ 
nesses (SMBs), is memory support enhancements to the free vSphere 
hypervisor. With vSphere 5.5, the free vSphere hypervisor no longer 
has any physical memory limitations; the older version was limited 
to 32GB of host RAM. 

( 6 ) Support for 62TB VMDK Files 

The increase in maximum virtual machine disk (VMDK) size is a 
welcome enhancement of vSphere 5.5. Previous releases of vSphere 
limited the VMDK size to 2TB; vSphere 5.5 pushes the maximum 
VMDK size to 62TB for both VMFS-5 and NFS. 

( 7 ) Support for Hot-Pluggable PCIe SSD Drives 

As prices continue to drop, high-performance solid state disk (SSD) 
drives are becoming more prevalent in today’s data centers. Previ¬ 
ous releases of vSphere have supported hot-pluggable SATA and SAS 
drives. The new release supports hot-pluggable SSD drives, as well. 
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(§) Improved Networking Performance 

The vSphere 5.5 release provides improved network performance 
with support for 40GB NICs. Another networking enhancement pro¬ 
vides support for 16GB end-to-end (E2E) Fibre Channel connections. 
With the previous release, the host-to-switch connection could run 
at 16GB but the switch-to-array connection was limited to 8GB. The 
vSphere 5.5 release now supports full 16GB E2E Fibre Channel con¬ 
nectivity. 

@ Expanded vGPU Support 

Previously, vSphere 5.1 introduced support for hardware-accelerated 
3D graphics using vGPUs inside a virtual machine (VM), but this sup¬ 
port was limited to NVIDIA GPUs. Now, vSphere 5.5 adds support for 
AMD and Intel GPUs, as well as the ability to use vMotion to move 
a VM between GPU vendors. However, if the vGPU is configured to 
use hardware rendering, the GPU must exist in the destination host; 
otherwise, the vMotion procedure will fail. 

® AppHA 

One of the other major enhancements in vSphere 5.5 is the new 
App HA feature. App HA extends VMware’s operations monitoring 
capabilities to a number of business-critical applications. The new 
App HA can monitor SQL Server 2012, 2008 R2, 2008, and 2005, as 
well as IIS 8.0, 7.0, and 6.0; Tomcat 7.0 and 6.0; and Apache HTTP 
Server 2.2, 2.0, and 1.3. ■ 
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The Year In Identity, 

2013 Edition 

Identity trend-spotting with Andre Durand 



Sean 

Deuby 

is technical director for 
Windows IT Pro and SQL 
Server Pro and former 
technical lead of Intel's core 
Directory Services team. He's 
been a Directory Services 
MVP since 2004. 



Twitter 



I t’s December, and that makes it a good time to look back on 2013 
to summarize some of the year’s high and low points in the iden¬ 
tity field. I’ve also included some remarks from an interview with 
Ping Identity’s CEO Andre Durant on the state of identity today, and 
where it’s going. 

Identity at the Center 

Probably the biggest identity-related trend this year has been the 
increased recognition of the central role that identity plays in all the 
digital work we do today—and how weak identity architectures make 
us ever more vulnerable. Web-based services (aka cloud), mobile 
apps, and a general rise in Internet-connected devices of all kinds 
(aka the Internet of Things) demonstrate the importance of identity 
in determining how to use them securely. 

Identity Standards Are Slowly Being Adopted 

Identity standards are in place to make this adoption easier. But true to 
Metcalfe’s Law, a standard’s usefulness is proportional to the square of 
the number of entities that actually use it. Translation: You can build it, 
but it ain’t much good if they don’t come. The OAuth 2.0 and OpenID 
Connect standards have continued their rapid rise in popularity, filling 
a desperate need for mobile-friendly identity and security. (OAuth 2.0 is 
an “authorization-centric,” flexible protocol that also supports authen¬ 
tication, and OpenID Connect is a relatively simple identity layer built 
on top of OAuth 2.0.) Despite predictions of its demise, the venerable 
SAML protocol is widely in use and isn’t going away any time soon. 
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Standards for user provisioning—which is the lifecycle manage¬ 
ment of users at a cloud service provider (e.g., Office 365) by the 
identity provider (your company)—are moving slowly forward. 
Rather, I should say “standard for user provisioning,” because there 
is really only one user provisioning standard that’s making any head¬ 
way this year. System for Cross-domain Identity Management (SCIM) 
has moved slowly forward in standards committees (version 1.1 is the 
most current), but the important metric is whether anyone is actually 
using it (Metcalfe’s Law again). It is being adopted, but rather slowly. 
So, businesses continue to surge ahead with either proprietary provi¬ 
sioning engines or none at all. 

Constructing a Standard Identity Layer for the Internet 

Durand agrees that a standardized identity layer for the Internet is 
moving closer to completion. It will most likely use OAuth 2.0 and 
OpenID Connect for authorization and authentication, and SCIM for 
identity provisioning. His analogy for this identity layer is that of 
DHCP and DNS. “DHCP’s ability to automatically assign a unique 
identifer—an IP address—to a device makes it discoverable on the 
network. DNS’s name-to-IP-address resolution capability made it pos¬ 
sible for humans to easily work with the devices. In the same way, 
we need to make identities on the network immediately and auto¬ 
matically available on the network without having to do a lot of the 
plumbing. We don’t think about what DHCP is doing; we just know 
we’re on the network. ” 

Multi-Factor Authentication Joins the Mainstream 

Another plus this year has been the increasing acceptance of multi¬ 
factor authentication (MFA). This important branch of authentication 
and security relies on not only what you know (a password) but what 
you have (a PIN). The wide acceptance of SMS as a communications 
medium has made this possible, as pretty much anyone who might 
need secure access to a website has a mobile phone of one kind or 
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another. The popularity of smartphones, which in the next few years 
will represent virtually all of the mobile phone market in the most 
developed countries, also allows mobile apps to be used for MFA. 
Google or Microsoft Authenticator generates one-time passwords for 
logon, and the new iPhone 5S has an integrated fingerprint reader. 
The FIDO Alliance seeks to make all kinds of MFA easier through a 
standard set of mechanisms instead of the proprietary ones we have 
today. Over the next couple of years, I expect to see a wide variety of 
biometric devices built in to mobile devices; it’ll become one more 
decision point when you’re looking at your next mobile device. 

Since I’m talking about MFA, let me just say that I’m happy to have 
it, but if you’re any kind of a connected person, it gets tedious very 
quickly. It’s simple math. I’m not sure how many Internet-connected 
devices the average American owns, but I use five on a more-or-less 
daily basis. On four of them, I run at least two browsers. I have MFA set 
up on five websites (as best I can remember). That’s (4*2 + l)*5 = 54 
possible interactions between a browser and an MFA site. The first 
time you set up a session between these, you must provide a PIN to 
the site, typically sent as a text message to your phone. To add to the 
fun, the session cookie for many of these sites expires after 30 days, 
so you must re-authenticate. And if you’re on an Internet-connected 
flight, a PIN code by text (rather than from an authenticator mobile 
app) won’t reach you, so you’re out of luck. 

IDaaS on a Strong Growth Curve 

IDaaS continues to gain popularity, and you should seriously consider 
it when looking for Internet SSO solutions. Microsoft unveiled Win¬ 
dows Azure Active Directory to general availability in April, mention¬ 
ing that 2.9 million businesses, governments, and schools are already 
using it. The company proceeded to add capabilities (MFA, a third- 
party SSO portal) as fast as it could, and I’m sure it isn’t done yet. In 
a few short months. Azure AD transformed itself from a “What is it?” 
product to an IDaaS offering that will be a force to be reckoned with. 
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Future Identity Trends 

Durand sees IDaaS as the second of three overlapping trends in iden¬ 
tity, each in different phases of maturity. The first, most mature, trend 
is federation. “Federation is not going away; it’s an integral part of 
connecting. On-premises identity bridges will be around for a while, 
but management of these bridges will move to the cloud.” Durand 
feels that the second, IDaaS, is the next-generation identity and access 
management platform. 

The third and least mature trend is outsourced identity. Also known 
as portable identity, it turns our current identity model—separate 
work and consumer identities—on its head. In outsourced identity, 
you have a single identity that you attach to different scenarios. 
The most common example today is in the consumer space, where 
you have an account from a commercial identity provider such as 
Facebook, Google, Yahoo!, or Microsoft, and use that account to 
log on to other web services such as Tripit. You retain your origi¬ 
nal identity and extend it to other web services. The emerging sce¬ 
nario is using this consumer account as a work account as well. A 
consumer account doesn’t have the identity proofing (e.g.. Social 
Security number, driver’s license) that an enterprise requires, so 
additional layers of authentication (step-up AuthN) are added to 
make the identity usable. When the employee leaves the company, 
the extra layers are removed and he or she moves on with the origi¬ 
nal identity. 

Microsoft's Identity Platform Embraces BYOD 

Microsoft expanded the identity capabilities of its on-premises prod¬ 
ucts this year as well. Active Directory Domain Services (aka the AD 
in your data center) and especially Active Directory Federation Ser¬ 
vices (AD FS) have been enhanced in Windows Server 2012 R2 to 
accept a lightweight join of mobile devices to the corporate domain, 
enabling several flexible authentication/authorization scenarios that 
weren’t previously possible. 
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Identity and Security Setbacks 

On the downside, the bad guys haven’t slowed down at all. And 
though the debate rages on whether the National Security Agency 
(NSA) is the bad guy, the Snowden revelations of how deeply NSA 
has penetrated our digital lives have generated rage, distrust, and 
a general pullback from the overall movement to the cloud. The 
National Strategy for Trusted Identities in Cyberspace (NSTIC), the 
government-sponsored—but privately driven—development of an 
identity ecosystem to raise the overall security of Internet transac¬ 
tions, has been making slow but solid progess; it surely must be bat¬ 
tered by this watershed moment in surveillance exposure. 

In the cyber attacks department, the big news in 2012 was the 
Adobe security breach that compromised 2.9 million users’ credit 
card and other personal information. It doesn’t matter how many fac¬ 
tors the website authentication scheme has if a well-crafted phishing 
email message opens the back door. 

Finally, passwords haven’t gone away yet. As with the notion of 
flying cars, we’re all still waiting for that to happen. ■ 
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Community Choice Awards 


Here are your favorite^ 
products of the year! 



O ur annual Community Choice award program lets readers 
like you decide which products are the best of the year. In 
2013, we followed the same process as in previous years 
by opening up the Community Choice nomination process to all. 
We let you nominate your favorite products and services, built 
the voting survey from there, and let everyone participate in 
the final voting phase. In these pages, you’ll find our Gold, 

Silver, and Bronze winners, as well as quotes from the com¬ 
munity about these top products. You’ll even find some honorable 
mentions. Whether Gold, Silver, Bronze, or runner-up, these prod¬ 
ucts are all worthy of serious consideration if you’re in the market 
for a new tool. 
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Best Active Directory/Group Policy Product 


netwrix 

#1 for configuration auditing 

"Netwrix Auditor gives 
me a quick overview 
of the 'who, what, 
when, and where' of 
my AD environment, 
delivered in a simple 
daily email report." 


★ GOLD 


Netwrix Auditor I Netwrix 


★SILVER 


ADManager Plus | ManageEngine 


★BRONZE 


Migration Manager for Active Directory | Dell 

Other Hot Products in This Year's Contest 

Centrify Server Suite Standard Edition 

Dell ActiveRoles Management Shell for Active Directory 


Best Antivirus/Anti-Malware Product 


KA$PER$KY! 

"Kaspersky Anti-Virus 
is the best product 
for the money, with 
consistent support and 
signature definition 
management" 


★GOLD 


Kaspersky Anti-Virus | Kaspersky Lab 


★SILVER 


Microsoft Security Essentials | Microsoft 


★BRONZE 


McAfee VirusScan Enterprise | McAfee 

Other Hot Products in This Year's Contest 

Symantec Endpoint Protection 
Malwarebytes Anti-Malware PRO 
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Best Auditing/Compliance Product 


netwrix 

#1 for configuration auditing 


"Netwrix Auditor 
does it all. Auditors 
and compliance folks 
understand it, too, not 
just us techs!" 


★GOLD 


Netwrix Auditor I Netwrix 


★SILVER 


ChangeAuditor | Dell 


★BRONZE 


Centrify Server Suite Enterprise Edition | Centrify 

Other Hot Products in This Year's Contest 

ManageEngine ADAudit Plus 
Metalogix International ControlPoint 


Best Backup & Recovery Product 



"Veeam Backup & 
Replication is simply 
the best software 
product I have ever 
implemented." 


Dell AppAssure | Dell 


★BRONZE 


Acronis Backup & Recovery | Acronis International 

Other Hot Products in This Year's Contest 

Symantec Backup Exec 
CA ARCserve Backup 


WWW.WINDOWSITPRO.COM 


Windows IT Pro / December 2013 29 

















Cover Story 


A 


Best Cloud Computing Product or Service 



"Veeam Backup & 
Replication, for disaster 
recovery or backup, 
as a service or on 
premises—hands down, 
the market leader." 


OnDemand Migration for Email | Dell 


★BRONZE 


Dropbox for Business | Dropbox 

Other Hot Products in This Year's Contest 

Centrify for Mobile 
Microsoft Office 365 


Best Deployment/Configuration Product 


■ I Microsoft 


"Microsoft System 
Center 2012 
Configuration 
Manager SP1 makes 
your deployments 
quick, accurate, and 
stable! With its rich 
reporting, it is versatile 
and can scale hugely!" 


★GOLD 


System Center 2012 Configuration Manager | Microsoft 


★SILVER 


Desktop Central | ManageEngine 


★BRONZE 


Symantec Deployment Solution | Symantec 

Other Hot Products in This Year's Contest 

AvePoint DocAve Deployment Manager 
StillSecure Safe Access 
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Community Choice Awards 


D4fLL 


"Our Dell PowerEdge 
server is 10 years old 
and still going strong!" 



Other Hot Products in This Year's Contest 

IBM BladeCenter 
Lenovo ThinkServer 


Best Hardware: Workstation 


D*LL 


"The OptiPlex's 
performance and 
reliability are the best 
I've experienced!" 


★GOLD 


OptiPlex | Dell 


★SILVER 


ThinkCentre I Lenovo 


★BRONZE 


Pavilion | HP 

Other Hot Products in This Year's Contest 

Dell Precision 
Fujitsu CELSIUS 
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Best Hardware: Laptop 


D*LL 


"Durability is vital to 
our mobile workforce, 
and these Dells can 
really take a beating!" 


★ GOLD 


Latitude I Dell 


★SILVER 


ThinkPad | Lenovo 


★BRONZE 


MacBook Pro | Apple 

Other Hot Products in This Year's Contest 

HP EliteBook 
Microsoft Surface Pro 


Best Hardware: Networking 


a I | I • 111 • 

CISCO 

“Cisco Catalyst has 
reinvented switching 
technology with this 
product, beefing up 
switching density 
and throughput 
performance." 


★GOLD 


Cisco Catalyst Series | Cisco Systems 


★SILVER 


HP Networking (formerly ProCurve) | HP 


★BRONZE 


SRX Series | Juniper Networks 

Other Hot Products in This Year's Contest 

F5 Networks BIG-IP 

Barracuda Networks Barracuda Load Balancer 
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Best Hardware: Storage 


Community Choice Awards 



NetApp" 


"Two years uptime on 
our FAS2040 so far — 
this thing is rock solid!" 


★GOLD 


NetApp FAS | NetApp 


★SILVER 


EMCVNX Family | EMC 


★BRONZE 


EqualLogic | Dell 


Other Hot Products in This Year's Contest 

HP LeftHand SAN/iQ 
X-IO Technologies Hyper ISE 


Best Hardware: Appliance 


D*LL 

"Dell KACE is my 
appliance of choice!" 


★GOLD 


Dell KACE K1000 Systems Management Appliance | Dell 


★SILVER 


FlexPod Datacenter | NetApp 


★BRONZE 


Dell SonicWALL Network Security Appliance (NSA) Series | Dell 


Other Hot Products in This Year's Contest 

Barracuda Networks Barracuda Spam & Virus Firewall 
F5 Networks BIG-IP 
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Best High Availability/Disaster Recovery Product 



"Love Veeam Backup 
& Replication—it just 
works!" 


Recovery Manager for SharePoint | Dell 


★BRONZE 


Windows Server 2012 R2 | Microsoft 


Other Hot Products in This Year's Contest 


Metalogix International Replicator 
HP Data Protector 


Best Interoperability Product 


" ! Microsoft 


"System Center 2012 
will always be there!" 


★GOLD 


System Center 2012 | Microsoft 


★SILVER 


Centrify Server Suite | Centrify 


★BRONZE 


VNC | RealVNC 


Other Hot Products in This Year's Contest 

Binary Tree CMT for Coexistence 
NETsec GALsync 
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Best Management Suite 


DOLL 


"Desktop Authority is 
the obvious choice." 


★GOLD 


Desktop Authority Management Suite | Dell 


★SILVER 


System Center 2012 | Microsoft 


★BRONZE 


Server & Application Monitor | SolarWinds 


Other Hot Products in This Year's Contest 

ManageEngine Desktop Central 
GFI Software GFI Cloud 


Best Messaging Product 


■ | Microsoft 


"Exchange Server 2013 
is the de facto standard 
for managing email. It 
has come a long way!" 


★GOLD 


Exchange Server 2013 | Microsoft 


★SILVER 


MessageStats Business Insights | Dell 


★BRONZE 


Skype for Business | Skype 

Other Hot Products in This Year's Contest 

Microsoft Lync 

GFI Software GFI MailEssentials 
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Best Mobile & Wireless Software 


D*LL 

“Once you try Mobile IT, 
you'll be sticking with it 
long-term!" 


★ GOLD 


Mobile IT I Dell 


★SILVER 


Cisco Wireless Control System | Cisco Systems 


★BRONZE 


VMware Horizon View | VMware 

Other Hot Products in This Year's Contest 

SolarWinds Mobile Admin 

Lenovo ThinkVantage Access Connections 


Best Network Management Product 


D*LL 


"Foglight will shed light 
on your infrastructure." 


★GOLD 


Foglight | Dell 


★SILVER 


Network Performance Monitor | SolarWinds 


★BRONZE 


Spiceworks MyWay | Spiceworks 


Other Hot Products in This Year's Contest 

ManageEngine OpManager 
Splunk Enterprise 
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D*LL 

"ChangeBASE gives you 
more than just patch 
management." 


★GOLD 


ChangeBASE | Dell 


★SILVER 


Patch Manager | SolarWinds 


★BRONZE 


Desktop Central | ManageEngine 


Other Hot Products in This Year's Contest 

Symantec Patch Management Solution 
GFI Software GFI LanGuard 


Best Scripting Tool 


■ | Microsoft 


"PowerShell is the 
necessary scripting 
skill for modern IT 
pros and systems 
administrators." 


★GOLD 



Other Hot Products in This Year's Contest 

Idera PowerShell Plus 

F5 Networks iControl PowerShell Cmdlets 
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Best Security Product 


D4fLL 


"SonicWALL NSA rocks!" 


★ GOLD 


Dell SonicWALL Network Security Appliance (NSA) Series | Dell 


★SILVER 


Centrify Server Suite | Centrify 


★BRONZE 


GFI LanGuard and GFI WebMonitor I GFI Software 


Other Hot Products in This Year's Contest 

Avecto Privilege Guard 
VMware vShield 


Best SharePoint Product 


D*LL 


"Site Administrator 
gives businesses so 
much visibility into 
SharePoint security; 
usage, and growth—all 
with no need to beg 
IT admins for a report 
when you need it" 


★GOLD 


Site Administrator for SharePoint I Dell 


★SILVER 


DocAve 6 | AvePoint 


★BRONZE 


Dell AppAssure DocRetriever for SharePoint | Dell 

Other Hot Products in This Year's Contest 

Idera SharePoint Diagnostic Manager 
Metalogix International StoragePoint 
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Best System Utility 


■ i Microsoft 


"You're not seriously 
troubleshooting until 
you are using the 
Sysinternals Suite." 


★GOLD 


Sysinternals Suite | Microsoft 


★SILVER 


AlwaysUp | Core Technologies Consulting 


★BRONZE 


Service Account Manager | Lieberman Software 

Other Hot Products in This Year's Contest 

CondusivTechnologies Diskeeper 
Condusiv Technologies V-locity 


Best Systems Monitoring Product 


■ I Microsoft 


"Microsoft System 
Center 2012 Operations 
Manager has built on its 
predecessors to create a 
highly mature product 
that can monitor 
anything and everything 
within an IT estate." 


★GOLD 


System Center 2012 Operations Manager | Microsoft 


★SILVER 


Server & Application Monitor | SolarWinds 


★BRONZE 


Nagios | Nagios Solutions 

Other Hot Products in This Year's Contest 

ManageEngine OpManager 
Monitis (part of GFI Software) Monitis 


WWW.WINDOWSITPRO.COM 


Windows IT Pro / December 2013 39 

















Cover Story 


A 


Best Task Automation Product 


55 Microsoft 

"Microsoft System 
Center 2012 
Orchestrator is the 
Legos of automation. 
Small building blocks 
come together to create 
an automation machine 
that can handle a wide 
variety of tasks" 


★ GOLD 


System Center 2012 Orchestrator | Microsoft 


★SILVER 


Automation Anywhere | Automation Anywhere 


★BRONZE 


AutoMate I Network Automation 


Other Hot Products in This Year's Contest 

AvePoint DocAve Governance Automation 
MVP Systems Software JAMS Job Scheduler 


Best Training & Certification Product or Service 


SF=iC^Wjf>RkCS " 

IT'S EVERYTHING IT 


"Spiceworks University 
is spicy and gets your 
blood flowing with 
humor!" 


★GOLD 


Spiceworks University | Spiceworks 


★SILVER 


Pluralsight On-Demand IT and Dev Courses | 
Pluralsight (formerly TrainSignal) 


★BRONZE 


Global Knowledge ITTraining | Global Knowledge Training 


Other Hot Products in This Year's Contest 

HP ExpertOne 
SQLskills 


40 Windows IT Pro / December 2013 


WWW.WINDOWSITPRO.COM 


















Community Choice Awards 


Best Virtualization Product 


vmware 


"VMware vSphere has 
revolutionized this 
systems administrator's 
life—love it!" 


★GOLD 


VMware vSphere | VMware 


★SILVER 


Windows Server 2012 Hyper-V | Microsoft 


★BRONZE 


Oracle VM VirtualBox | Oracle 

Other Hot Products in This Year's Contest 

Citrix Systems XenServer 
SolarWinds Virtualization Manager 


Best Free or Open-Source Tool 


SF=iC^Wjf>FRkCS "■ 

IT'S EVERYTHING IT 


"Spiceworks is probably 
THE most useful 
free IT tool currently 
available." 


★GOLD 


Spiceworks | Spiceworks 


★SILVER 


Veeam Backup Free Edition | Veeam Software 


★BRONZE 


Centrify Express | Centrify 


Other Hot Products in This Year's Contest 

Google Apps 
Malwarebytes 
Don Ho Notepad++ 
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Best Vendor Tech Support 


D*LL 


"Dell won't let you 
down!" 


★ GOLD 


Dell 


★SILVER 


Veeam Software 


★BRONZE 


Centrify 


Other Hot Vendors in this Year's Contest 

Microsoft 

Netwrix 



Download 
your FREE 
mobile app. 


iTunes 

Android 

Kindle 
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Cluster-Aware Updating 
in Windows Server 2012 

Patching Server 2012 failover clusters 
just got a whole lot easier 


D riving down the management overhead of IT systems is a top 
priority for most organizations today. One way to achieve this 
goal is to minimize the work associated with patching OSs, 
including minimizing the number of patches that are needed. I’ll first 
discuss how to reduce the number of patches, then show you how to 
automate the patching process for the patches that remain. 

Reducing the Number of Patches 

Since Windows Server 2008, the Server Core configuration level 
has been available. In a Server Core environment, the graphical 
interface, management tools, and management infrastructure are 
removed from the Windows deployment. This typically means 
about 50 percent fewer patches and, more important, longer times 
between reboots, because the patches that are no longer required 
are typically those that require reboots. 

The main challenge with Server Core in Windows Server 2008 R2 
and Server 2008 is that Server Core has to be set at installation time 
and can’t be changed without reinstallation. This is a big risk for orga¬ 
nizations not used to managing Windows Server from a command 
prompt or remotely. In addition, in Server 2008 R2 and Server 2008, 
Server Core is supported for only infrastructure roles (i.e., roles that 
are part of Windows Server itself) and not for other applications. 

Server Core in Windows Server 2012 has completely changed. 
Server Core is now the default installation option for Server 2012. The 
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graphical interface, management tools, and management infrastruc¬ 
ture can now be added and removed at any point in a server’s life 
cycle, with only a reboot required. This gives you a lot more flexibility 
and granularity, because you can choose to have the management 
infrastructure but not the graphical interface, for example. 

In addition. Server Core is now an application platform, so appli¬ 
cations (e.g., SQL Server 2012) can run on it. This means the patch¬ 
ing overhead can be greatly reduced, without losing capabilities for 
Server 2012. You’ll still need to patch and reboot, but you won’t have 
to patch and reboot as often. 

Rebooting a server typically means the services running on that 
server have to be unavailable during that time. In the case of a 
Hyper-V host, this means all the virtual machines (VMs) and the 
services running on them will be unavailable. However, this doesn’t 
have to be the case. This is where the Failover Clustering feature 
comes into play. When hosts are in a failover cluster, you can move 
a service (including a VM) between the nodes without downtime, 
provided that the service supports a zero-downtime migration tech¬ 
nology, such as live migration of VMs or leveraging the Server Mes¬ 
sage Block (SMB) 3.0 transparent failover. This means that patching 
and the associated reboots aren’t a big deal in terms of availability, 
because there’s no impact on availability. 

However, the patching process can be time-consuming. Consider 
that to manually patch a cluster in Server 2008 and later, you need to 
perform the following steps: 

1. Pick a node in the cluster and migrate all services from that 
node to other nodes in the cluster using a zero-downtime 
migration technology (e.g., live migration for VMs). 

2. Place that node in maintenance mode, which will drain it of all 
its resources and move them to other nodes in the cluster. For this 
step, you can use Windows PowerShell’s Suspend-ClusterNode 
cmdlet with the -Drain parameter. Suspend-ClusterNode is one of 
many cmdlets in the Failover Cluster Module for PowerShell. 


44 Windows IT Pro / December 2013 


WWW.WINDOWSITPRO.COM 



CAU in Server 2012 


3. Download and apply the patches and reboot the node. Once 
rebooted, check to see whether there are any new patches that 
apply. If so, apply them and reboot again. 

4. Bring the node out of maintenance mode. For this step, you can 
use Windows PowerShell’s Resume-ClusterNode cmdlet with 
the -Failback parameter. 

5. Migrate the services back to the patched node using a zero¬ 
downtime migration technology. 

6. Repeat the previous steps for the next node in the cluster and 
so on until the whole cluster is patched. 

This update process sounds simple enough, but if you have a 64-node 
cluster, it’s a lot of work. You can purchase products that can reduce 
the amount of work. For example, Microsoft System Center Virtual 
Machine Manager (VMM) 2012 provides one-click patching of Hyper-V 
hosts in a cluster and there are System Center Orchestrator 2012 run- 
books to automate the patching of a cluster. However, if you’re running 
Server 2012, you can take advantage of a new built-in capability named 
Cluster-Aware Updating (CAU). 

Automating Patching with CAU 

CAU is part of Server 2012’s Failover Clustering feature. With CAU, the 
update process for an entire Server 2012 failover cluster can be per¬ 
formed automatically. (This is only for Server 2012 failover clusters. 
It’s not backward compatible with Server 2008 R2 or earlier clusters.) 
There’s no limitation on the applications that will work with CAU. If 
it’s a cluster application, it should be supported. For example, VMs, 
file shares, and SQL Server will work with CAU. Each application’s 
native migration technology is used as part of the CAU process. 

The source for the patches can be either Windows Update or your 
on-premises Windows Server Update Services (WSUS) implementa¬ 
tion. If using WSUS with CAU, you need to make sure you’re using 
WSUS 4.0 (which is part of Server 2012) or WSUS 3.0 SP2 with 
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the KB2734608 update applied. In addition, CAU supports a plug¬ 
in model, which allows patches from other sources. For example, 
Microsoft.HotfixPlugin is a nondefault plug-in supplied with CAU. 
It lets you select hotfixes that aren’t deployed through Windows 
Update. You can also use it for non-Microsoft updates, such as driver 
and firmware updates from your hardware vendors. 

With this plug-in model, CAU might eventually be able to use 
Microsoft System Center Configuration Manager (SCCM) as the 
source for the patches. However, at the time of this writing, this 
plug-in hasn’t been written, which means you can’t use SCCM as 
the patch source when using CAU. 

After CAU is enabled in your cluster, you have a flexible yet sim¬ 
ple patch capability for your clusters. You can trigger it manually 
or schedule it to run. You can even run pre-update and post-update 
PowerShell scripts on each node as part of the patching process. 

Understanding the CAU Modes and Requirements 

CAU works on physical clusters and clusters configured inside VMs. 
There are two modes: self-updating and remote-updating. 

With the self-updating mode, the Failover Clustering management 
tools are installed on each node in the cluster so there are no external 
dependencies. Plus, a CAU clustered role is installed. 

With the remote-updating mode, the Failover Clustering manage¬ 
ment tools are installed on a remote Server 2012 or Windows 8 com¬ 
puter, which controls the patching application in the remote clusters. 
If the Failover Clustering management tools aren’t installed on the 
cluster nodes when using remote-updating, the only restriction on 
functionality relates to the running of debug-type information, which 
isn’t generally used by administrators anyway. 

The advantage of using the self-updating mode is that the clus¬ 
ter is completely self-managed and can effectively patch itself on 
autopilot. The advantage of using the remote-updating mode is that 
many different clusters can be patched from the box configured as 
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the remote-updating coordinator. Because the coordination is being 
done remotely, there’s no need for the Failover Clustering manage¬ 
ment tools to be installed on the cluster nodes (or even PowerShell 
and the Microsoft .NET Framework if you aren’t using pre-update 
and post-update scripts), which means the cluster nodes can be run¬ 
ning the Server Core configuration level. In addition, remote-updating 
gives a more verbose feedback, which is ideal when close attention 
is needed (but there’s still no manual administrator action required). 
To use CAU, the cluster nodes need to meet a few requirements: 

• Remote Windows Management Instrumentation (WMI) must be 
enabled (which is the default). If you need to enable it, you can 
use PowerShell’s Set-WSManQuickConfig cmdlet. 

• The .NET Framework 4.5 must be installed (which is the default) 
if you’re using the self-updating mode or using pre-update and 
post-update PowerShell scripts. 

• PowerShell 3.0 must be installed and PowerShell remoting enabled 
if you’re using the self-updating mode or using pre-update and 
post-update PowerShell scripts. You can use the Enable-PSRemoting 
cmdlet or Group Policy to enable PowerShell remoting. 

• There must be a firewall exception for remote restart, which is 
accomplished by enabling the built-in Remote Shutdown excep¬ 
tion. This is done automatically as part of the CAU configura¬ 
tion when using the GUI. Action is required only if there are any 
Group Policies that might disable this exception. 

• The nodes must be part of a cluster and therefore have the 
Failover Clustering feature installed. 

• If you use a proxy to access Windows Update, you need to set 
this proxy for the computer account because CAU runs under the 
System account and not a user account. You can use the Netsh 
command-line utility to set up a proxy by customizing and run¬ 
ning the following command in Cmd.exe: 

Netsh winhttp set proxy <proxy IP>:<proxy port> "<local>") 
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Installing and Configuring CAU 

After the requirements are met, you can install and configure CAU. 
I’ll be walking you through setting up CAU in the self-updating 
mode. If you want to use the remote-updating mode, you simply 
install the Failover Clustering management tools, then use the GUI 
or the PowerShell cmdlets in the Failover Cluster Module to start the 
update process. 

To install and configure CAU in the self-updating mode, follow 
these steps: 

1. Open Failover Cluster Manager. Using the Connect to Cluster 
action, connect to the cluster in which you want to use CAU. 

2. Click the Cluster-Aware Updating link, which will open the 
Cluster-Aware Updating screen and initiate a scan of the 
environment. 

3. Click the Configure cluster self-updating options action, which 
will launch the Configure Self-Updating Options Wizard. Click 
Next on the Getting Started page of the wizard. 

4. On the Add CAU Clustered Role with Self-Updating Enabled 
page, select the check box labeled Add the CAU clustered role, 
with self-updating mode enabled, to this cluster. You’ll also see 
the check box labeled I have a prestaged computer object for 
the CAU clustered role. In the self-updating mode, a CAU role 
service is added to the cluster. It uses its own virtual computer 
object, which needs to be created in Active Directory (AD). If 
you leave this check box clear, this prestaged virtual computer 
object will be automatically created for you. However, for that 
to occur, your cluster computer object must have permission to 
create computer objects in the default Computers container (or 
the container in which your cluster computer object is located), 
as shown in Figure 1. 

If your computer object for the cluster isn’t able to have this 
permission because of corporate policies, you’ll need to prestage 
the virtual computer object for CAU, select the I have a prestaged 
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Figure 1 

Making Sure the 
Cluster Computer 
Account Has 
Permission to Create 
Computer Objects in 
the Default Computers 
Container 


computer object for the CAU clustered role check box, and provide 
the name of the prestaged virtual computer object. (For informa¬ 
tion on how to prestage objects, see “Failover Cluster Step-by-Step 
Guide: Configuring Accounts in Active Directory.”) Click Next. 

5. On the Specify self-updating schedule page, configure the update 
schedule. As Figure 2 shows, you can have the updates occur 
daily, weekly, or monthly. When planning your schedule, keep 
in mind that Microsoft releases new patches on the second 
Tuesday of each month. Click Next. 

6. On the Advanced Options page, you can change the number 
of retry attempts (the default is 3), specify pre-update and 
post-update PowerShell scripts if you want to use them, and 
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Figure 2 

Configuring When 
the Self-Patching Will 
Occur in the Cluster 
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configure other options. You can also change the CAU plug¬ 
in. By default, the Microsoft.WindowsUpdatePlugin plug-in 
is selected. It installs cluster updates directly from Windows 
Update or an on-premises WSUS server. Note that you don’t 
configure the cluster to use Windows Update or WSUS as 
part of the CAU configuration. The cluster will use whatever 
update method it has already been configured to use. You’re 
just specifying the plug-in to use to get the updates from 
that source. Make any changes you need to on the Advanced 
Options page and click Next. 

7. If the Microsoft.WindowsUpdatePlugin plug-in is specified on 
the previous page, the Additional Update Options page will 
appear. On this page, you’ll find the option Give me recom¬ 
mended updates the same way that I receive important updates. 
Select this option if desired and click Next. 

8. On the Confirmation page, a summary of the options you 
selected will be shown. After verifying your options, I recom¬ 
mend that you scroll down to the bottom of the page, where 
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you’ll find the PowerShell command the wizard is about to run. 
The command will look something like: 

Add-CauClusterRole -ClusterName savdalfclus 

-Force -CauPluginName Microsoft.WindowsUpdatePlugin 
-MaxRetriesPerNode 3 -CauPluginArguments 
@{ 'IncludeRecommendedUpdates' = 'True' } 

-StartDate "4/19/2013 3:00:00 AM" -DaysOfWeek 8 
-WeeksOfMonth @(2) -EnableFirewall Rules; 

Copy and save the command for future use. 

9. On the Confirmation page, click Apply. The wizard will then 
add the CAU clustered role and create the virtual computer 
object in AD. 

After the configuration is complete, click the Cluster-Aware Updating 
link for your cluster to bring up the various CAU actions. I recom¬ 
mend that you run the Analyze cluster updating readiness action. 
This will check the cluster nodes to ensure that CAU will operate 
correctly. CAU is now ready to apply updates following the schedule 
you specified. 

Performing CAU Updates Manually 

At any time, you can check the updates that need to be applied and 
manually run those updates. To do so, click the Cluster-Aware Updat¬ 
ing link for your cluster to bring up the various CAU actions. Next, 
click the Preview updates for this cluster action to bring up the Pre¬ 
view Updates dialog box. By selecting your plug-in and clicking the 
Generate Update Preview List button, you can generate a list of all 
the updates that need to be applied to all the hosts in the cluster, as 
shown in Figure 3. 

To manually install those updates, close the Preview Updates 
dialog box and click the Apply updates to this cluster action. This 
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will bring up the Cluster-Aware Updating Wizard. You just need 
to click Next on the Getting Started page, then click Update on 
the Confirmation page. CAU will then update the cluster using the 
existing settings. 

The order in which hosts are updated is based on the number of 
resources currently hosted on the node. CAU will first update the 
node with the fewest number of resources, then update the node 
with second fewest resources, and so on, until all the nodes are 
patched. 

You can monitor the progress of the updates. As Figure 4 shows, 
detailed information is given, including the updates being down¬ 
loaded, the nodes being placed into maintenance mode, the updates 
being applied, the nodes being rebooted, and so on. 

When you’re using the self-updating mode, you’ll see that the 
Update Coordinator will move between nodes as boxes are rebooted. 
(If you’re doing remote updating, the Update Coordinator will remain 
on the remote box.) The Update Coordinator is the brains of CAU. 
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It scans, downloads, and installs the patches on each node, controls 
scripts, and so on. 

After all the updates are applied to a node, CAU will reboot the 
node and check again for any new updates that might need to be 
applied. If there are new updates, CAU will apply them, reboot the 
node, and check again for updates. This will continue until no new 
updates are found. After CAU has finished patching that node, it 
will then move to the next node. The video “Patching a Cluster 
with Cluster-Aware Updating (CAU)” shows this update process as 
well as demonstrates some other CAU-related activities. After CAU 
completes the update process, you can click the Generate report on 
past Updating Runs action to obtain a report that shows the details 
of the CAU execution. 

Note that CAU supports a “configured but on hold” setup in 
which the update cycle is always manually forced and never sched¬ 
uled. With this setup, you need to trigger the update application 
manually or use some other process to trigger it. For more informa¬ 
tion about this setup, see “Advanced Options and Updating Run 
Profiles for CAU.” 


Figure 4 

Monitoring the 
Updates While They're 
Being Applied 
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What You Need to Keep in Mind 

CAU is a fantastic feature, but it’s still very important that you test the 
updates using the standard update validation processes before allow¬ 
ing CAU to deploy them. So, if you plan to let CAU run on autopilot, 
you need to make sure that you allow enough time for this testing 
when scheduling the updates. 

In addition, you need to make sure you don’t have other update 
processes going on, such as automatic updates applied outside of 
CAU, because this could cause downtime to your cluster. Keep in 
mind that CAU isn’t a new patching technology. It’s an orchestration 
technology that leverages your existing patching technologies. 

Finally, CAU is one technology you don’t want to tell your boss 
about. As far as he or she is concerned, you’re still working all week¬ 
end patching your 14 separate clusters! ■ 
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Importing and Exporting CSV 
and XML Files in PowerShell 

Manually parsing CSV and XML files 
is a thing of the past 


T he classic Cmd.exe shell in Windows OSs provides a very simple 
means of processing text. For example, the For /f command lets 
you read lines of text from a file and process them one line at a 
time, and the > operator lets you write a command’s output to a text file. 

However, simple line-by-line text parsing starts to break down when 
you need to process structured data. For example, comma-separated 
value (CSV) files are an extremely common data exchange format. 
I’ve lost count of how many times I’ve seen the following question in 
online forums: How can I read input from a CSV file using a batch file 
(i.e., a Cmd.exe shell script)? It’s possible, but you’re forced to do all 
the parsing manually and it’s fraught with problems. For example, if 
an input string contains special characters such as < or > , the pars¬ 
ing will fail. Parsing XML files using Cmd.exe is even more difficult, 
if not downright impossible. 

Using PowerShell for Importing and Exporting 
Structured Data 

Windows PowerShell overcomes the aforementioned difficulties by pro¬ 
viding a set of cmdlets for importing and exporting structured data. All 
these cmdlets have either CSV or XML in their names, so you can get a 
list of them by entering the following command at a PowerShell prompt: 

Get-Command | Where-Object { ($_.Name -like "*csv*") 

($_.Name -like "*xml*") } | Select-Object Name 


Bill 
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Figure 1 

Sample.csv 


When you run this command, you’ll see a list of all the cmdlets in 
your PowerShell session that contain CSV or XML in their names or 
their aliases. I’m going to focus on the cmdlets containing the verbs 
Export and Import so that you can get a grip on the basics. 


Importing CSV Files 

As I noted previously, CSV is an extremely common format for exchang¬ 
ing data. A CSV file is a plain-text file that represents a table of data. Each 
line of the file represents one record (row) of data. The first line of the 

file usually (but not always) 
specifies the names the fields 
(columns). Data items within 
each row are separated by a 
delimiter character. A comma 
is commonly used as a delim¬ 
iter (especially when dealing 
with textual data), so the 
data items in a CSV file are usually enclosed within double quotes (") 
or some other quoting character. Table 1 shows a sample data table. 
Figure 1 shows how this data would be represented in a CSV file. 


Table 1: Sample Data Table 

DisplayName 

EmailAddress 

Garvin, Fred 

fred.garvin@contoso.com 

Flynn, Phineas 

phineas.flynn@contoso.com 

Bates, Gil 

gil.bates@contoso.com 


"DisplayName","Mail" 

"Garvin, Fred","fred.garvin@contoso.com" 
"Flynn, Phineas","phineas.flynn@contoso.com" 
"Bates, Gil'V'gil .bates@contoso.com" 


The Import-Csv cmdlet reads a CSV file and outputs a list of cus¬ 
tom PowerShell objects, one for each row of the input data. Power- 
Shell uses the first row of the CSV file as the objects’ properties, and 
the subsequent lines of the file are the output objects. For example, if 
you run the command 

Import-Csv Sample.csv 
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PowerShell will output three objects with two properties each: 
DisplayName and Mail, as shown in Figure 2. 


Di splayName 

Mail 

Garvin, Fred 
Flynn, Phineas 

fred.garvin@contoso.com 
phineas.flynn@contoso,com 

Bates, Gil 

gil.bates@contoso.com 


Figure 2 

Output from Using 
Import-Csv to Read a 
CSV File 


If the CSV file you want to import doesn’t have a header row, you 
can use the -Header parameter to name the object properties. That is, 
if Samplel.csv was missing the first line (the header row), you’d use 
a command like this instead: 

Import-Csv Sample.csv -Header DisplayName,Email Address 

Import-Csv uses the comma character as its default delimiter, but 
you can use the -Delimiter parameter to specify a different delim¬ 
iter character. For example, if Sample.csv used a tab character as the 
delimiter, you’d use this command: 

Import-Csv Sample.csv -Delimiter M 't" 

Because Import-Csv outputs PowerShell objects, you can then use 
other PowerShell cmdlets to process the objects. For example, sup¬ 
pose you want to sort the output by DisplayName, but you only want 
to output the Mail property from each object. To do this, you can use 
the Sort-Object and Select-Object cmdlets: 

Import-Csv Sample.csv | Sort-Object DisplayName | 

Select-Object Mail 

You can also pass these objects along to the ForEach-Object cmdlet 
for processing: 
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Import-Csv Sample.Csv | ForEach-Object { 

"'{0}" <{1}>' -f $_.Dis pi ayName,$_.Mai 1 

} 

This command uses the -f operator to output a formatted string for 
each object and produces the output shown in Figure 3. If you’re 
unfamiliar with how to use the ForEach-Object, Sort-Object, and 
Select-Object cmdlets, see “PowerShell Basics: Filtering Objects” and 
“PowerShell Basics: Select-Object.” 


Figure 3 

Output from Using 
Import-Csv and 
ForEach-Object to Read 
and Process a CSV File 


"Garvin, Fred" <fred.garvin@contoso.com> 
"Flynn, Phineas" <phineas.flynn@contoso.com> 
"Bates, Gil" <gil.bates@contoso.com> 


Exporting CSV Files 

Sometimes you need to create a CSV file from PowerShell output 
objects. To do so, you pipe PowerShell’s output to the Export-Csv 
cmdlet and specify a filename. PowerShell will then write the output 
objects to a CSV file. It really is that simple, with one minor caveat. By 
default, Export-Csv writes a line starting with the string #TYPE as the 
first line of the CSV file. Export-Csv’s -NoTypelnformation parameter 
omits this extra line of output, so I usually include this parameter. 

For example, suppose you want to create a copy of Sample, csv 
sorted by the Display Name property. All you need to do is import the 
file, pipe its contents to the Sort-Object cmdlet, then export the con¬ 
tents to a new CSV file: 

Import-Csv Sample.csv | Sort-Object DisplayName | 

Export-Csv Sample-Sorted.csv -NoTypelnformation 

Note that Export-Csv can output any PowerShell objects, not just objects 
produced from using Import-Csv. For example, consider the command: 
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Get-Childltem | Sort-Object Length | 

Select-Object FullName,LastWriteTime,Length | 

Export-Csv Data.csv -NoTypelnformation 

This command creates a CSV file containing the files in the cur¬ 
rent directory, sorted by file size. Note that this command uses the 
Select-Object cmdlet to select each file’s full filename, last write 
time, and file size (length), so these three properties will be the 
columns in the CSV file. 

Importing XML Files 

XML is another type of text file that stores structured data. Listing 1 
shows an XML representation of the data in Table 1. 

The data in an XML document is arranged hierarchically. In 
Sample.xml (Listing 1), you have a root element (< database >) 
and three child elements of the root element (< record >). The 


Listing 1: Sample.xm 


<?xml version="1.0"?> 

<database> 

<record> 

<DisplayName>Garvin, Fred</DisplayName> 
<Mai1>fred.garvinOcontoso.com</Mai1> 
</record> 

<record> 

<DisplayName>Flynn, Phineas</DisplayName> 
<Mai1>phineas.f1ynn@contoso.com</Mai1> 
</record> 

<record> 

<DisplayName>Bates, Gi1</DisplayName> 

<Mai1>gi1.batesOcontoso.com</Mai1> 
</record> 

</database> 
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elements are in pairs, and elements can contain other elements. 
An opening element uses angle brackets around its name (e.g., 
< record >), and its closing element uses a forward slash before 
the element’s name (e.g., < /record, >). When working with XML 
data in PowerShell, you must have a single root element. The other 
elements are contained within the root element. 

PowerShell has an Import-Clixml cmdlet, but Import-Clixml can’t 
import Sample.xml because Sample.xml isn’t in the exact format 
needed by the cmdlet. (I’ll discuss this more in the next section.) 
Instead, you can use the Get-Content cmdlet and the [Xml] type 
accelerator: 

$Data = [Xml] (Get-Content Sample.xml) 

After entering this command, the $Data variable contains an XmlDocu- 
ment object. The XmlDocument object contains two properties: xml 
(the < xml > element at the top of the file) and database (the root ele¬ 
ment). You can output the data from the XML file as follows: 

$Data.database.record 

This command produces the exact same output as does Figure 2— 
that is, the command outputs three objects with two properties each 
(DisplayName and Mail). 

If the XML data file that you want to import was saved by the 
Export-Clixml cmdlet, you don’t need the [Xml] type accelerator and 
Get-Content cmdlet. Instead, you can use the Import-Clixml cmdlet, 
as discussed in the next section. 

Exporting XML Files 

You can export an XmlDocument object to a file by using the Export- 
Clixml cmdlet. Just like Export-Csv, Export-Clixml requires a file¬ 
name. Consider the following commands: 
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$Data = [Xml] (Get-Content Sample.xml) 

$Data | Export-Clixml Data.xml 

The first command imports Sample.xml (Listing 1) as an XmlDocu- 
ment object. The second command exports the XmlDocument object 
to Data.xml. 

Import-Clixml is the inverse of Export-Clixml. Import-Clixml 
retrieves an XML file exported by Export-Clixml as an XmlDocument 
object. For example, in the following command, Import-Clixml is 
retrieving Data.xml: 

$Data2 = Import-Clixml Data.xml 

After you run this command, the $Data2 variable contains a duplicate 
of the same XmlDocument object stored in $Data. 

Keep in mind that you can only use the Import-Clixml command 
to import an XML file created by Export-Clixml—that is, the XML file 
must contain a specific set of elements in order for Import-Clixml to 
import it. If the XML file isn’t in the specific format required, you 
need to use the [Xml] type accelerator and Get-Content, as discussed 
in the previous section. 

Take Control of CSV and XML Files 

CSV and XML text files are both extremely common data interchange 
formats. PowerShell’s designers provided some exceptionally power¬ 
ful and easy-to-use cmdlets to help you import and export both of 
these formats. Thankfully, manually parsing CSV and XML files is 
now a thing of the past. ■ 


WWW.WINDOWSITPRO.COM 


Windows IT Pro / December 2013 



Feature 


A 


Learn What System Center 
2012 Operations Manager 
Can Do for You 

Monitor your IT environment from a single console 
or through alert notifications sent to your email 



Orin 

Thomas 

is a contributing editor for 
Windows /rPro and a 
Windows Security MVP. He 
has authored or coauthored 
more than a dozen books for 
Microsoft Press. 

Email 
Blog 



S ystem Center 2012 Operations Manager is Microsoft’s product 
for monitoring servers, services, devices, and applications. It 
provides a central console from which you can view the status 
of all these components within your environment. 

You can install System Center 2012 Service Pack 1 on computers 
running Windows Server 2008 R2 and Windows Server 2012 and use 
either the Standard or Datacenter editions of SQL Server 2008 R2 or 
the Standard or Enterprise editions of SQL Server 2012. In this article, 
I present an overview of the core Operations Manager concepts in 
System Center 2012. 

Operations Manager Agent 

The Operations Manager agent is responsible for gathering data from 
a host computer. You install the agent on a computer that you want to 
monitor. The agent reports to a management server. The management 
server then writes the information to the Operations Manager data¬ 
base. You configure which information the agent gathers by importing 
management packs and configuring monitors and rules within those 
packs. You can deploy the Operations Manager agent directly from 
the Operations Manager console or include it in a deployment image. 

Although most of the computers that you monitor have the agent 
installed, it’s possible to monitor services and devices that don’t have 
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the Operations Manager agent installed. This is known as agentless 
monitoring. For example, you can configure the agent to monitor the 
health of a web application based on its response to a specially crafted 
HTTP request or monitor whether a router is available based on its 
response to Internet Control Message Protocol (ICMP) traffic. You can 
also use agentless monitoring to indirectly monitor a computer; how¬ 
ever, agentless monitoring uses remote procedure call (RPC), which 
means that it won’t work in all situations because of limits to con¬ 
nectivity and in functionality. You also should be aware that not all 
management packs work when a computer is monitored in agent¬ 
less mode. Additionally, agentless monitoring places greater resource 
requirements on the management server than does traditional agent 
monitoring. 

Management Packs 

Management packs are collections of stored wisdom about what con¬ 
stitutes the acceptable health and performance of specific products. 
Put another way, management packs tell Operations Manager what 
to look for and when to flag something that requires attention. For 
example, the Microsoft Exchange Server 2010 Management Pack con¬ 
tains a set of instructions that lets Operations Manager look for spe¬ 
cific events, performance data, and configuration settings and report 
back when these items fall outside the parameters of what’s defined 
as a healthy Exchange server. Management packs exist for almost all 
Microsoft products and a large number of third-party products, too. 
Management packs include: 

• Monitors that let you watch a computer for the status of specific 
events, scripts, services, or performance counters. 

• Rules that specify which items should be monitored, what data 
should be collected, and the action that should be taken. 

• Attributes that an object can have. 

• Object Discoveries that find objects that Operations Manager can 
monitor. 
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• Overrides that let you configure custom settings different from the 
default in a management pack (e.g., the severity of an alert). 

• Service-Level Tracking that lets you monitor service-level objec¬ 
tives for an application. 

• Tasks (e.g., restarting application pools, restarting services, or 
running scripts) that can be performed against managed objects. 

• Views that display specific information, including alerts, events, 
and performance data. 


Figure 1 

Operations Manager 
Console Showing 
Management Packs 


Operations Manager ships with approximately 100 management 
packs. You can download additional management packs through 
the Operations Manager console (Figure 1) from the Management 
Pack Catalog Web Service hosted by Microsoft. You also can obtain 
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management packs from third-party vendors, or you can create 
your own. 

Timing. The trick with management packs is to realize that you 
need to spend time tuning them. You tune management packs by 
overriding default alert settings (e.g., changing an existing alert sever¬ 
ity), changing the target of the rule or monitor, or disabling the rule 
or monitor entirely. 

Many administrators new to Operations Manager install a manage¬ 
ment pack and then feel overwhelmed by the number of alerts that it 
generates. This happens for a couple of reasons: 

1. The servers you are monitoring probably aren’t configured 
according to best practices and should be brought up to an 
appropriate configuration standard. Until the servers are prop¬ 
erly configured, they’ll spew alerts like a fire hose. 

2. The authors of some management packs have gone overboard 
and configured them with alerts for things that are only mildly 
important as opposed to extremely critical. 

Microsoft recommends you import one management pack at a time 
and spend time tuning it before you import additional management 
packs. If you don’t tune management packs properly, you’ll end up 
ignoring not only the unimportant alerts, but the critical ones as well. 

Rules. Management packs have rules that specify which items and 
data an agent collects from a computer that it’s monitoring. Rules also 
specify what action should be taken with that information. A rule can 
be as simple as creating an alert if a specific item is written to an event 
log, or a rule can trigger another task such as running a script. 

For example, to create a rule that triggers an Operations Manager 
alert when event ID 12345 is written to the System event log, perform 
the following steps: 

1. In the Authoring workspace of the Operations Manager console, 
expand Management Pack Objects and click Rules. 

2. In the Tasks pane, click Create a Rule. 
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Figure 2 

Creating a Rule 



Select the type of rule to create 



Description: This folder contains rule types that generate alert from various data sources 


Management pack 


Select destination management pack: 

|<SelectManagementPack> v] | New... 


Next > | | Create | Cancel | 


3. In the Rule Type dialog box of the Create Rule Wizard (Figure 2), 
expand Alert Generating Rules and then expand Event Based. Click 
NT Event Log (Alert) and select a destination management pack. 

4. In the General dialog box, provide a rule name and select the Rule 
target. A rule target can be any object defined in a management 
pack, from a security group and service to a hardware device. 

5. In the Event Log Type dialog box, click the ellipsis (...) button, 
click System log, and click OK. 

6. In the Build Event Expression dialog box, enter event ID value 
12345 and the event source. 

7. In the Configure Alerts dialog box, choose the alert Name, Pri¬ 
ority, and Severity, as well as the alert description text. 
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Microsoft offers more examples of how to create rules in System Cen¬ 
ter 2007 Operations Manager online. 


Alerts 

Alerts notify you when something requires your attention. Figure 3 
shows the Create a unit monitor screen for configuring an alert for a 
monitor. Alerts have one of three priorities: Low, Medium, and High. 
Alerts also have three severities: Informational, Warning, and Criti¬ 
cal. You also can set the alert severity to match the health of a moni¬ 
tor by selecting Match monitor’s health on the severity drop-down 
list. Monitor health can be Healthy, Warning, or Critical. 




Create a unit monitor 


Configure Alerts 


Monitor Type 
General 
Service Details 
Configure Health 


Configure Alerts 




Alert settings 

@ Generate alerts for this monitor 
Generate an alert when: 

| The monitor is in a critical health state v | 

@ Automatically resolve the alert when the monitor returns to a healthy state 


# Help 


Alert properties 


Alert name: Priority: 


Example Monitor 

| Medium 

v| 

Alert description: 

Severity: 


The example service has faile4 

L^J | Critical 

ZT3 
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Monitors 

Monitors let you watch a computer for the status of specific events, 
scripts, services, or performance counters. There are three types of 
monitors you can create: 

• Unit Monitor—Lets you monitor one item, such as a counter, 
event, script, or service. 

• Dependency Rollup Monitor—Lets you monitor the status of items 
based on an existing relationship (e.g., the health of Active Direc¬ 
tory (AD) based on the health of the DNS server). 

• Aggregate Rollup Monitor—Lets you group monitors together. 

This is useful when a service or application is dependent on a 
number of components. If any of those components fail, the appli¬ 
cation or service will not function. 

To create a unit monitor that monitors the status of a service such as 
the DNS client service, perform the following steps: 

1. In the Authoring workspace of the Operations Manager console, 
click Create a Monitor on the Tasks pane. 

2. Choose Unit Monitor. 

3. In the Select the type of monitor to create window in the Create 
a unit monitor dialog box (Figure 4), select the type of monitor 
you want to create and the destination management pack. 

4. In the General dialog box, specify the name of the unit monitor 
and set the Monitor Target. 

5. In the Service Details dialog box, click the ellipses (...) but¬ 
ton. You can select the computer that hosts the service you 
want to monitor, as well as select the service that you want to 
monitor. 

6. In the Configure Health dialog box, choose the health state for 
the service. By default, if the service is running, the health state 
is set to Healthy; and if the service is not running, the health 
state is set to Critical. You can configure the health state to be 
Critical, Warning, or Healthy. 
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Monitor Type 


General 
Service Details 
Configure Health 
Configure Alerts 


,i Help 


Select the type of monitor to create 


[±hB SNMP 

WMI Performance Counters 
[j-3 Log Files 
ffl-n Windows Events 
Windows Services 

Basic Service Monitor 
S~ C3 Windows Performance Counters 
lii-n Scripting 
B-3 WMI Events 


Description: A two state monitor that uses WMI to check the state of the specified Windows service. 

The monitor will be unhealthy when the service is not running and has been set to start 
automatically. 

Management pack 

Select destination management pack: 

I ExampleMP vl I New... 


Next > Cancel ~| 


Figure 4 

Selecting a 
Monitor Type 


7. In the Alert settings dialog box, you can configure whether an 
alert is generated if the monitor is in a critical or warning state. 
If you choose to generate an alert, you can specify alert name, 
priority, severity, and alert description. 

Network Monitoring. You also can use Operations Manager to moni¬ 
tor physical and virtual network devices such as routers and switches. 
You can monitor network device statistics related to traffic volume, 
utilization, dropped packet rate, and broadcast traffic at the port and 
interface level. Operations Manager supports SNMP vl, v2c, and v3. 
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Additionally, Operations Manager also supports monitoring the health 
of Virtual LANs and Hot Standby Router Protocol. The Network Vicin¬ 
ity View feature lets you view network topology information, including 
which computers are connected to specific network devices, and the 
health of those connections (e.g., monitoring the functionality of ports 
on a switch as well as the health of network adapters on a server). 

Distributed Application Monitoring. Distributed Application Mon¬ 
itoring lets you monitor multi-tiered applications. For example, you 
might have an application that includes three servers hosting a load- 
balanced, web front end and two servers in a SQL Server AlwaysOn 
Availability Group as a back end. Distributed Application Monitoring 
lets you monitor this application as a whole, but also drill down and 
view the state of locate-specific components that comprise the dis¬ 
tributed application. 

Notifications 

While information about servers, services, applications, and devices is 
available from the Operations Manager console, you aren’t always in 
front of the console to see it. The Notifications feature lets you config¬ 
ure Operations Manager to send information through email, IM, SMS, 
or by running a script that triggers an alternative method of notifica¬ 
tion. The main trick with notifications is to only configure notifications 
for alerts to which you would respond. A rookie mistake is to configure 
notifications for everything. The result is that the Operations Manager 
administrator is flooded with medium- and low-priority information— 
and ends up missing the high-priority alerts. 

Channels. Channel defines the method of communication used to 
notify someone. You can configure an SMTP, SMS, IM, or command- 
based channel. Most organizations use an email message to notify 
an administrator because almost all of them have an email-capable 
smartphone. 

Subscribers. Subscribers are the people who receive notifications. 
You associate a subscriber with an AD user account, an address, and 
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Description 


Addresses 


Schedule Notifications 


Notification Subscriber Wizard 


Set the master schedule for notifying the person. Notification schedules can be further 
customized for each subscriber address. 


C Always send notifications 
® Notify only during the specified times: 


Schedules to send: 


c§iAdd... Edit... ^Remove.. 


Date Range 

Time Range 

Weekdays 

Always 

0:00 AM -5:30 PM 

Week days 


< Previous 


Newt > 


Finish 


Cancel 


Figure 5 

Scheduling 

Notifications 


times at which the subscriber will receive notifications (Figure 5). 
When configuring notifications, you can specify multiple subscribers. 
Subscribers will be notified based on the settings in their schedule. 

Subscriptions. Subscriptions let you specify which subscribers are 
notified through particular channels when a specific type of alert 
occurs. Through subscriptions, you ensure that the Exchange admin¬ 
istrator is notified when an alert related to Exchange arises, and that 
the SQL administrator is notified when an alert related to the health 
of the organization’s instances of Microsoft SQL Server occurs. Creat¬ 
ing a subscription involves setting the 

• Conditions (Figure 6) 

• Subscribers 

• Channels 
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Figure 6 

Setting the Conditions 
for Alerts 




* 

^ Criteria 


Description 



Criteria 


Notification Subscription Wizard 


Subscription Criteria 


Subscribers 

Channels 

Summary 


When alerts are generated for the objects that match the criteria specified below, notifications will be sent to 
specified subscribers. 


Conditions 


□ raised by any instance in a specific group 
|~| raised by any instance of a specific class 
[ | created by specific rules or monitors (e.g., sources) 

[ | raised by an instance with a specific name 

— 

^ of a specific severity JHB 

@ of a specific priority 

□ with specific resolution state 

□ with a specific name 

□ with specific text in the description 

□ created in specific time period 


Criteria description (click the underlined value to edit): 


Notify on all alerts 
of a Critical severity 
and of a High priority 


Finish ~| | 


Going Further 

Operations Manager has greater functionality than an introductory 
article—or even a book—could cover. You can configure comprehen¬ 
sive security roles and tasks for Operations Manager that let users 
with appropriate authority respond to alerts only for specific servers. 
You also can integrate Operations Manager with other System Center 
products such as Service Manager (where service tickets can be auto¬ 
matically populated with the contents of Operations Manager alerts) 
or with Orchestrator (where sophisticated runbooks can be triggered 
by Operations Manager alerts). Operations Manager helps you man¬ 
age the massive volume of telemetry generated by your organiza¬ 
tion’s servers so you can respond to important issues without getting 
distracted by trivial ones. ■ 
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Microsoft Lync Server 2013 
Front End Maintenance 

Learn some basics related to patching 

and maintenance of Lync 2013 Front End servers 


T he first cumulative update for Microsoft Lync Server 2013 was 
released in February 2013. With the release of the first update 
to Lync Server 2013, there are some items I wanted to cover so 
that you aren’t taken by surprise when performing maintenance or 
patching of the Lync 2013 Front End servers. I’ll cover the following 
areas related to Lync Server 2013 Front End maintenance: 

• Pool quorum 
• Upgrade domains 
• Best practices 

Pool Quorum 

Lync Server 2013 introduced the concept of a quorum, which is a 
major change from previous editions of Lync. Microsoft Office Com¬ 
munications Server (OCS) 2007 R2 introduced SQL Server clustering 
with Back End servers for the Front End pool. A basic understanding 
of how quorums work with clustering is now coming into play for 
Lync 2013 administrators, not necessarily on the SQL Server Back End 
server side but on the Front End servers. 

In order for a Lync 2013 Front End pool to be considered in a func¬ 
tional state (which is a good thing), a particular number of Front 
End servers in the pool need to be up and running. Table 1 shows 
the minimum number of servers that are required to be online and 
available in order for the Lync 2013 Front End pool to be in a func¬ 
tioning state. 
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Table 1: Lync Server 2013 Front End Quorum Reference 

Total Number of Front End 
Servers in the Pool 

Number of Servers that Must Be 
Running for Pool to Be Functional 

1-2 

1 

3-4 

2 

5-6 

3 

7-8 

4 

9-10 

5 

11-12 

6 


In the event that you’re performing maintenance or patching Lync 
2013 Front End servers and you bring more than the appropriate 
number of Front End servers down, you’ll get an error message in 
the Event viewer stating “Local Pool Manager has been disconnected 
from Pool Manager.” If the number of remaining running servers is 
still below the threshold level, the remaining servers Lync services in 
the pool will stop, making the pool inoperable. 

Upgrade Domains 

Front End servers in an Enterprise Edition pool are organized into 
upgrade domains. Upgrade domains are created by Topology Builder 
when a Front End server is added to the topology and published. 
The Microsoft Lync Server team recommends when upgrading Front 
End servers that you perform the upgrades one server at a time, as 
opposed to upgrading several Front End servers at the same time. 
The recommended approach calls for bringing a single server down, 
upgrading it, and then restarting it before you upgrade another server. 

From the Lync Server Management Shell, running the cmdlet Get- 
CsPoolUpgradeReadiness displays results if the current pool is ready to 
be patched or serviced. Figure 1 shows the number of Front End serv¬ 
ers that are listed in the pool and the number that are currently active. 
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Administrator: Lync Server Management Shell I ~ I n B 


PS C:\Users\administrator. ” ' ' * Get-CsPoolUpgradeReadinessState 


PoolName 



State 

Ready 


IotalFrontends 

2 


IotalActiveFrontends 

2 


U pgrade Do nain s 

{ 

Uucrrade Do main Name : UucrradeDomainl 

IsReadyForUpgrade: True 
ioua± rroncnntis= i 

Total Active FrontEnds: 1 

Frontends: lsf e0i. 

Uucirade Do main Name : UDcrradeDomain2 

IsReadyForUpgrade: True 

Total FrontEnds: 1 

Total Active FrontEnds: 1 

Frontends: lsf e02. 

> 


PS C:\Users\administrator, > _ 



Figure 1 

Currently Active 
Front End Servers 


Since both servers in the pool are running, the value of True is 
given to IsReadyForUpgmcLe. From this point the administrator can 
proceed with taking one of the servers offline for maintenance or 
patching without affecting the pool’s state. 

The results could differ if one of the two Lync Front End servers 
wasn’t available while running the cmdlet Get-CsPoolUpgradeReadiness 
from the Lync Server Management Shell. Figure 2 shows a pool that 
isn’t ready to allow maintenance to take place. 



Figure 2 

Pool of Servers Not 
Ready for Maintenance 
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The value of IsReadyForUpgrade is False, which displays to the 
administrator. In addition, the False value also lets the administra¬ 
tor know that he shouldn’t proceed with taking the only remaining 
server offline for maintenance; doing so could put the pool in an 
unresponsive state for users. 

Best Practices 

When you plan an upgrade or maintenance of a Lync 2013 pool, 
Microsoft’s recommendation is to update one server at a time. Bring 
one server down, apply the upgrade, and then bring that server 
back up before upgrading another server. For detailed instructions 
on upgrading a Front End server with the Lync 2013 Cumulative 
Update 1, see “Updates for Lync Server 2013.” 


Final Thoughts 

The available Lync Server Management Shell cmdlets for checking 
pool states provide a structured approach to performing patches and 
maintenance in a Lync 2013 Front End environment, despite the 
nuances of Front End server clustering and the need to have a certain 
number of servers in the pool up and running in order for the cluster 
to be in such a state that it’s considered to be functioning. Although 
patching seems like a complex operation, following the proper guid¬ 
ance helps make the process a smooth one. ■ 
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FAQ 

Answers to Your Questions 

Q B I’m planning CPU requirements for a Hyper-V 
■ host. Do I need to reserve processor resources 
for the Hyper-V host? 

A m Typically, no. When thinking about processor resources, 
■ you need to remember that it will be the virtual machine 
(VM) virtual processors performing most of the work. Provided the 
Hyper-V host isn’t running any other role or application and isn’t run¬ 
ning anti-malware, guest OSs are running the latest integration com¬ 
ponents, and you aren’t using the legacy network adapter for normal 
traffic, then the Hyper-V host isn’t performing processor tasks and is 
really just facilitating I/O. 

Even very large I/O loads don’t cause much processor use on the 
host, because the VM virtual processors do most of the work. The 
hypervisor makes sure the host gets what it needs, so there’s no need 
to reserve a specific amount for the host. You should focus on ensur¬ 
ing resources to meet the needs of the VMs. 

—John Savill 

Q B What happens to runbooks if the runbook server 
■ they’re running on shuts down or crashes? 

A u If a runbook server fails, then another runbook server will 
■ take over the execution of its runbooks. However, the run¬ 
book would be restarted from the beginning, because all the data bus 
content would be lost and there’d be no way for the new runbook 
server to know at what point the runbook failed. 



John Savill 
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It’s therefore very important when writing your runbooks to have 
error checking built in. In addition, it’s important to have validations 
performed to check that a certain step hasn’t already occurred. 

I try to write runbooks under the assumption that every step could 
have already been performed, so I have a check before performing 
any action that’s not idempotent (meaning it can’t be repeated with¬ 
out changing the value). This is also a good reason to try to avoid 
creating long-running runbooks, because the length increases the 
chance of a failure occurring during execution. 

—JohnSavill 

Q b Is it possible to mix Windows Server 2012 

■ Hyper-V and Windows Server 2012 R2 Hyper-V 
with Hyper-V Replica? 

A B The only supported m ix of those versions is when the pri- 
■ mary virtual machine (VM) is running on Windows Server 
2012 Hyper-V and the replica is running on Windows Server 2012 R2 
Hyper-V. This support enables organizations to upgrade without hav¬ 
ing to break replicas. A Windows Server 2012 Hyper-V server can’t 
host a replica of a VM running on Windows Server 2012 R2 Hyper-V. 

—JohnSavill 

Q b I added drivers to my Windows PE image for my 
■ OS installation. Why aren’t the drivers available, 
and why does my installation fail, saying the hardware 
“can’t be seen”? 

A b The boot.wim file actually contains two separate images, 
■ as you can see in the information I retrieved: 

PS C:\windows\system32> dism /get-wiminfo / 
wimfi1e:d:\temp\boot.wim 
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Deployment Image Servicing and Management tool 
Version: 6.3.9600.16384 

Details for image : d:\temp\boot.wim 

Index : 1 

Name : Microsoft Windows PE (x64) 

Description : Microsoft Windows PE (x64) 

Size : 1,259,685,118 bytes 

Index : 2 

Name : Microsoft Windows Setup (x64) 

Description : Microsoft Windows Setup (x64) 

Size : 1,356,525,607 bytes 

The operation completed successfully. 

Typically, you mount the first image and add your drivers. The problem 
is that Windows boots from and uses the second image, not the first. So 
you need to inject your drivers into image 2 and not image 1. 

—John Savill 

Q B I configured a virtual network on Windows 
■ Azure and a site-to-site VPN between that 
virtual network and my on-premises one. Is it possible 
to add a second VPN to another location? 

A m When using Windows Azure, it’s possible to create a virtual 
■ network that creates an affinity group; the virtual network is 
defined by an IP scheme you specify. Virtual subnets can be created that 
exist within the virtual network. For each virtual network, a gateway can 
be created that allows a site-to-site connection to be configured between 
the Windows Azure virtual network and the on-premises network. 


WWW.WINDOWSITPRO.COM 


Windows IT Pro / December 2013 79 



Ask the Experts 


A 


At this time, only a single site-to-site VPN connection can be cre¬ 
ated between a Windows Azure virtual network and an on-premises 
location. This means it isn’t possible to connect a Windows Azure 
virtual network to multiple on-premises networks. 

Any routing between other on-premises locations would need to 
be performed via the on-premises location that connects to Windows 
Azure. A local on-premises network could connect to multiple differ¬ 
ent Windows Azure virtual networks. 

Another VPN option is currently in preview mode: It’s a point- 
to-site VPN option that connects a single machine to the Windows 
Azure virtual network. With it, multiple computers can simultane¬ 
ously connect using the point-to-site Windows Azure VPN option. 

—JohnSavill 

Q b Do I need a Windows Client Access License 
■ (CAL) for machines that just use Windows 
Server for DNS or DHCP? 

A m The only time you don’t require a Windows CAL is when 
■ accessing Windows Server hosted services from the Internet 
in an unauthenticated manner. Machines using Windows Server for 
DNS or DHCP require Windows CALs. This is confirmed in Microsoft’s 
licensing documentation: 

Any direct or indirect access of Windows Server requires a CAL, 
except for anonymous access through the Internet. For example, 
the use of DNS—a service that helps route network traffic— 
requires the purchase of a Windows Server license and CALs to 
use and access this particular role in managing your organiza¬ 
tion’s domain names. Even with infrequent or occasional use, 
access of Windows Server DNS capabilities requires a CAL. 

—JohnSavill 
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■ How can I create a random password in System 

■ Center Orchestrator? 

■ In the Utilities activity group is a Generate Random Text 

■ activity that will create a random string of the specified 
length. You can also configure the requirements to include lowercase, 
uppercase, numbers, and symbols (see Figure 1). 


Generate Ranrlom Text {2) Properties 
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Figure 1 

Generate Random Text 
Properties Screen 


—John Savill 

Q B How can I create a highly available virtual 
■ machine (VM) using System Center Virtual 
Machine Manager (SCVMM)? 

A m It might initially seem confusing to create a highly available 
■ VM with SCVMM. There’s no separate “highly available” 
or “cluster” option to use when creating a VM. 

Instead, to make a VM highly available, during creation, under the 
Configure Hardware tab, open the Availability section under Advanced. 
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A 


Select the check box for the option Make this virtual machine highly 
available in the High availability section (see Figure 2). This will then 
tell SCVMM to make the new VM a cluster resource and store it on 
cluster storage. 


Figure 2 

Create Virtual Machine 
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—John Savill 
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Product News 
for IT Pros 

AutoMate 10 Offers Unprecedented Cloud, Server, automaton 

and Software Integration 

Network Automation announced the latest AutoMate product family 
update: AutoMate 10. Featuring an improved interface, AutoMate 10 
takes no-code task development to a new level with simple drag-and- 
drop deployment and unparalleled cloud, server, and software integra¬ 
tion capabilities. AutoMate 10 reimagines and reorganizes its Action 
Library of more than 600 actions and activities to make it easier to 
create tasks, giving users the power to build custom tasks quickly and 
helping them move from concept to production in record time. Instead 
of requiring IT teams to generate, memorize, and manage custom 
scripts throughout complex systems, AutoMate 10’s code and syntax- 
free scripting capabilities allow users to automate key tasks and pro¬ 
cesses without writing batch files and custom scripts, enabling IT pros 
to focus on more strategic priorities and reduce code maintenance costs. 

For more information, visit the Network Automation website. 


BlueStripe Supports System Center 2012 R2 ERLUE (TRIPE 

BlueStripe Software announced integrated support for Microsoft System 
Center 2012 R2 in the company’s FactFinder solution, which provides 
real-time dynamic application maps and transaction alerts. FactFinder 
automatically discovers, maps, and monitors all business transactions 
running within the data center and across the cloud. It measures per¬ 
formance, hop-by-hop, everywhere that transactions go, across tiers, 
across platforms, and across architectures—even into virtual machines 
(VMs); public, private, and hybrid cloud; and third-party services. 

When performance or availability problems occur, FactFinder follows 
the slow or hung transaction right to the problem component, then 


WWW.WINDOWSITPRO.COM 


Windows IT Pro / December 2013 83 





drills down the server stack to determine why the problem occurred. 
For additional information, please visit the BluStripe Software website. 


Kaseya 


Kaseya Acquires 365 Command 

Kaseya acquired 365 Command, a solution enabling IT organizations 
to easily manage and administer the Microsoft Office 365 cloud appli¬ 
cation suite. With this acquisition, Kaseya offers powerful cloud appli¬ 
cation management that complements its larger portfolio of IT systems 
monitoring and management for on-premises, cloud, and mobile 
infrastructure. The 365 Command solution replaces the command-line 
interface of Windows PowerShell with a rich, user-friendly web-based 
interface, eliminating the need for PowerShell scripting for common 
management tasks, saving organizations significant time and money. 
Flexible reporting provides instant visibility into the environment for 
easy management and decision-making support. Key features of the 
solution include an Exchange Migrator for easy migration from on¬ 
premises Exchange to Office 365; advanced user management, includ¬ 
ing password reset with options, distribution group management at 
user or group level, and more; mailbox templates that enable central¬ 
ized application of settings to groups of mailboxes governing reten¬ 
tion, mailbox access methods, regional options, quotas, and more; and 
intuitive dashboards that provide a quick overview of the Exchange 
environment. Check out the Kaseya website. 


, Barracuda Expands Cloud Offering on Windows Azure 

■< »»... Barracuda Networks has expanded the number of its products available 
on the Windows Azure cloud platform. Barracuda Web Application Fire¬ 
wall, Barracuda NG Firewall, and Barracuda Load Balancer ADC will be 
available for customers using Windows Azure. Barracuda Web Appli¬ 
cation Firewall, one of the first web application firewalls and applica¬ 
tion delivery platforms available on Windows Azure, has gained market 
traction in securing applications hosted on Windows Azure. Barracuda 
NG Firewall provides VPN and security-enhanced remote network 
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access between customer networks and the Windows Azure cloud plat¬ 
form. Barracuda Load Balancer ADC provides high-performance load 
balancing and application delivery for Microsoft applications hosted on 
Windows Azure, such as SharePoint or Exchange Server. New cloud 
editions of the Barracuda Web Application Firewall, Barracuda NG Fire¬ 
wall, and Barracuda Load Balancer ADC enable customers to expand 
their offerings to embrace cloud deployments. For additional informa¬ 
tion, please visit the Barracuda Networks website. 


FalconStor CDP and FalconStor NSS 7.5 Hit the Market f^ fcO nStor 

FalconStor Software announced the availability of FalconStor Con¬ 
tinuous Data Protector (CDP) 7.5 and FalconStor Network Storage 
Server (NSS) 7.5 data protection solutions with RecoverTrac 2.7 disas¬ 
ter recovery automation technology. These solutions offer enhanced 
features for intelligently moving, storing, and protecting data with¬ 
out burdening production resources. The RecoverTrac tool has more 
flexibility to automate failover and fallback with greater accuracy in 
any physical, virtual, or hybrid environment, including VMware and 
Microsoft Hyper-V deployments. Improved capabilities allow users to 
migrate data to and from the cloud, optimize VMware storage envi¬ 
ronments, stretch data protection, fully automate disaster recovery, 
ensure complete protection for Microsoft environments, and replicate 
data with peace of mind. For more information, visit the FalconStor 
Software website. 


NEC Announces First SDN Controller 
with OpenFlow 1.3 Standard 

NEC announced the availability of version 5 of its ProgrammableFlow 
Networking Suite, including the ProgrammableFlow PF6800 Control¬ 
ler, which is the first generally available SDN controller supporting 
the OpenFlow 1.3 standard. The OpenFlow 1.3 specification provides 
broader interoperability and features that give customers more choice 
when they’re designing networks. Added flexibility helps customers 
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A 


avoid vendor lock-in and lets them take advantage of simple, scalable, 
secure application-aware networking. NEC designed version 5 of the 
ProgrammableFlow networking suite to support more interoperability 
with other OpenFlow devices, even when both OpenFlow 1.0 and 1.3 
versions are present in a network; double the scalability of the pre¬ 
vious controller, now supporting up to 10,000 ports or 200 physical 
switches per controller (compared to 100 switches previously); use IP 
Multicast, for the first time in an OpenFlow environment, to deliver 
a single stream of information simultaneously to multiple users; 
and interoperate with the new networking functions in OpenStack’s 
Grizzly release. For more information, go to the NEC website. 


EGNYTE 


Practice Safe SaaS with Egnyte 

Egnyte introduced Storage Connect as an extension to its file-sharing 
solution that will allow users to access files behind the firewall with¬ 
out the need for a VPN. Egnyte’s customers can now easily access all 
the files they need to run their business regardless of where files are 
stored—in any on-premises storage, in any cloud, or a combination 
of both. The addition of Storage Connect makes Egnyte’s solution 
the industry’s only file sync and sharing platform to address the full 
range of enterprise file-sharing needs, enabling businesses to easily 
access their most sensitive files, while still meeting their industry’s 
regulatory requirements. With the new functionality, Egnyte is the 
only platform that solves all enterprise use cases: cloud file shar¬ 
ing (easy mobile access and collaboration from anywhere, using any 
device), private file sharing (remote file access to storage behind the 
firewall using any smartphone, tablet, or computer, without the need 
for VPN), local file access (blazing fast, in-office file access to address 
issues with latency, business continuity, large-file workloads, and 
network congestion), and cross-office collaboration (the ability to 
sync heterogeneous storage devices across distributed offices, which 
enables remote teams to collaborate as if they’re in the same room). 
For more information, check out the Egnyte website. ■ 
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